directory securirty

Anon

I want to protect someone to access the directory /script where is all my php scripts. I want to know what are the best and simplest ways to protect it against intrusers.

My idea was to put a index.html file in there so they don't see the directory structure with all the scripts, but can only execute them via http.
Also I had an idea to use htacess protection to avoid any intruser to see all the content the directory script. But I don't know how this would behave when a client calls the script via http, not a directory intruser.
Is there a way to read the htacess variables (user and passw) through a php script when a client asks for it in order to make it go through without asking for user and passw.

Thanks

Rod

Anon

Here is one idea!

First, take all of your important PHP code and isolate it into its own set of files. Then take all of that PHP code and put it into a directory structure OUTSIDE of the web server's document root. This way, the files can't be opened and requested DIRECTLY.

Now in your HTML pages, INCLUDE the PHP code you want by doing something like this:

include( "/a/path/outside/document/root/database.php" ) ;

This would include ALL of the code you need for some sort of database transaction and would protect against someone opening the file through a web browser.

If you use a .htaccess file, the browser will prompt the user with a pop-up log in box. If this is what you want, then you are done. However, you might not want this behavior.

Hope this helps.

Anon

Hi,

If you have access to the configuration files you can set the server to refuse directory listings, so even if you forget yo place an index-file the user cannot list the contents of that dir. Also, if you give all php-files you include the extension "inc", you can instruct the web server to refuse all http accesses to files named "*.inc".

Johan